Zentyal Auth and Shared Folders configuration on Linux


Xavy Bahillo has just published a short article on configuring authentication and shared folders on Ubuntu using Zentyal as the server.

He shows a solution based on SSSD and pam_mount.

http://www.jbahillo.com/remote-identification-and-storage

A post by Jose Juan

Introducing the Zentyal configuration backup


I am sure that I don’t need to drill you about the importance of backing up your system. Ideally the whole system is backed up, but this costs time and space.

However, as a very convenient shortcut, there is an easy (and free) way of backing up the Zentyal server configuration. With this configuration backup you can quickly restore your Zentyal server to a production state. And it does not need to be the same box: you can also use the configuration backup to apply the configuration to a new server.

The configuration backup also includes all the user and group accounts so your users can continue logging in to the services they use.

There are several ways to make and restore the configuration backup. The most versatile is to use the Zentyal Cloud Service that comes with the Free Account registration: this way the backup resides in the cloud and you can apply it to any of your Zentyal boxes. You can get a free account here.

To access this feature in the web interface, click System -> Import/Export configuration. A console interface is also available through the programs ‘/usr/share/zentyal/make-backup’ and ‘/usr/share/zentyal/restore-backup’.

How does this work?

For the curious among us, let me explain its internal workings. The backup is just an archive file in TAR format that includes the files describing the configuration.

First, the backup process writes some files with metadata, like the current date or the packages installed in the system. Then it loops through the installed modules, making each one dump its configuration.

Remember that the configuration values we see reflected in the web interface are stored in a Redis backend. So each module must dump its Redis keys and values to a file. However, the Redis keys are not sufficient for all modules. Remember that the users and their related data are stored in LDAP. In this case the users module does a dump of the full directory in LDIF format.

Likewise, the Samba module dumps its internal database, and the modules which use OpenSSL certificates store them in the backup archive.

When the backup is finished, it is stored in your local file system: you can download or restore it from the Zentyal web interface.

To restore a backup the same process is run in reverse, picking each of the files and importing them into our Zentyal system.
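Because the archive carries the LDIF directory dump and certificate material, it is worth checking before it is stored elsewhere or restored on another box. The following Python check is an added example, not Zentyal's own code: it lists members that would land outside the extraction directory and members that hold sensitive dumps. The member names and suffixes are assumptions, since the post does not describe the archive layout.

```python
import io
import tarfile
from pathlib import PurePosixPath

# Assumed suffixes for the sensitive dumps the post mentions (LDAP LDIF, keys).
SENSITIVE_SUFFIXES = {".ldif", ".pem", ".key"}


def audit_backup(fileobj):
    """Return (unsafe, sensitive) member-name lists for a TAR backup."""
    unsafe, sensitive = [], []
    with tarfile.open(fileobj=fileobj, mode="r:*") as tar:
        for member in tar:
            path = PurePosixPath(member.name)
            # Members that would be written outside the extraction directory.
            if path.is_absolute() or ".." in path.parts:
                unsafe.append(member.name)
            # Links and device nodes have no place in a configuration dump.
            elif not (member.isfile() or member.isdir()):
                unsafe.append(member.name)
            elif path.suffix.lower() in SENSITIVE_SUFFIXES:
                sensitive.append(member.name)
    return unsafe, sensitive


def build_sample_backup():
    """Constructed archive; the file names are hypothetical, not Zentyal's."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, data in [
            ("backup/date", b"2013-03-01\n"),
            ("backup/users.bak/ldap.ldif", b"dn: uid=foo,dc=example,dc=lan\n"),
            ("backup/ca.bak/private/ca.key", b"constructed placeholder\n"),
            ("../outside.txt", b"constructed placeholder\n"),
        ]:
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
        link = tarfile.TarInfo("backup/redis.link")
        link.type = tarfile.SYMTYPE
        link.linkname = "/tmp/elsewhere"
        tar.addfile(link)
    buf.seek(0)
    return buf


if __name__ == "__main__":
    print(audit_backup(build_sample_backup()))
```

An archive with any unsafe member should be rejected before restore, and one with sensitive members should be stored with the same access controls as the directory and keys it contains.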

Configuration backup and the Backup module

As you may know, Zentyal also has a file backup module which allows you to set the files to be backed up, the destination of the backup and its frequency.

A configuration backup is added to the backup of the selected files to have better recovery odds.

Backup in the cloud

One problem remains in this configuration backup scheme: storing the backup in a remote, always-accessible location. The location which meets these requirements is the Internet, now dubbed cloud.

Zentyal Remote offers this service. It checks your Zentyal configuration and the contents of the LDAP directory daily; if it finds any changes, it automatically makes a backup and sends it to the cloud.

The number of simultaneously held backups depends on the type of edition you have. A community edition with Free Account can store one configuration backup; a Small Business or Enterprise edition can have up to seven configuration backups. Furthermore, the limit of seven configuration backups only applies to automatic backups; you can have as many manual backups as you like.

Once you have your backup in the cloud, you can restore it in any of your subscribed Zentyal servers using the web interface.

Post written by Javier Amor Garcia

A post by Julio José García Martín

Zentyal supports the Python Software Foundation


A few weeks ago the Python Software Foundation asked for help in a trademark issue that involves “Python”.

As Zentyal uses Python as the main programming language for our cloud based services and in the testing of Zentyal Server, we have decided to submit a letter to help the Python Software Foundation as much as we can.

Please, if you use Python in any way, support them!!

Check out this letter template that might help you to send your own support letter to the Python Software Foundation.

A post by Julio José García Martín

Quality and FOSDEM talks


The first weekend of February, the ULB Campus in Brussels held one of the biggest events in Europe about open source communities and development, the FOSDEM. Some Zentyalers decided to take a few days off and go to that nice city and enjoy the weather (just kidding although it wasn’t that bad… ), all the talks and interesting people that get together.

Of course I was one of the team members who joined the event, and besides the great beer, I especially liked a talk that the community of Libre Office gave. It was about the path they have been following lately and how they have refactored and improved such a great application. Here is a link to the video in case you want to enjoy an interesting talk.

There were two things that really touched me. The first one was the culture shift they went through to allow them to build a better product and empower new contributors to collaborate with them. Short iterations, don’t ask permission, ask forgiveness, embrace change… and the most important of all of them, have fun developing :) Fantastic!!!

The second one was quality. They have made a big effort to build quality into the core of their project. Doing unit tests, refactoring to improve the code and its maintainability and, what’s more important, giving quality the necessary importance to reduce the bugs to a minimum. We definitely share that vision and have always considered that the best way to assure quality is to build it from the beginning, inside your products, not leaving it for the last part of the project or any other phase.

At Zentyal we have always put a great effort in building our products with the best quality. Moreover, in the past months we have made a similar switch to a more quality centered development. We are still working on fully changing our focus, but you can already see some of the improvements in the community version as well as in the Software and Security updates of the commercial versions.

By the way, Libre Office has just released the 4.0 version. Check it out, at Zentyal we use it in our daily work and it’s great.

A post by Julio José García Martín

Zentyal Internal Plumbing (Part I): Mail


Hello all,

Some of our advanced users are not satisfied with just interacting with the Zentyal interface, and want to go deeper into its entrails, to know the abstracted-out details. In this series of small blog posts I will try to clarify how the different components are interconnected.

I want to cover the following sub-systems:

  • Mail (Mail module only version)
  • Mail (Groupware version)
  • Samba4 and Kerberos & how it connects to other sub-systems
  • HTTP proxy

Let’s start with the Mail (Mail module only) and its general interconnection map:

This diagram also includes all the mailfilter capabilities.

Point by point:

A: Postfix is our Mail Transfer Agent, in charge of delivering and accepting mails from other mail servers.

B: The standard entry point for the SMTP protocol, it can support security via STARTTLS. Intended for communication with external MTAs.

C: Same as B; this port is intended for local users’ delivery.

D: Same as B, but with forced TLS communication.

E: Every time the MTA receives a new message, the associated domain can be checked against the Postgrey database; this mechanism can force retries to deter spamming bots.

F: Dovecot, our Mail Delivery Agent, distributes the mail to the users’ mail boxes.

G: Dovecot is able to accept SIEVE rules (filters, forwards, flags and so on) using this port.

H: SIEVE is a sub-system implementing a scripting language that applies the configured rules to the incoming mail. Take into account that SIEVE rules can, in turn, talk to the MTA to forward a mail again.

I: Your Mail User Agent (mail client) will retrieve the mails from the MDA, using POP, IMAP or their secure versions.

J: Amavis is a security suite that will use other components to filter potentially dangerous mail.

K: Messages are forwarded from the MTA to Amavis, checked, tagged according to their spam status and then returned to Postfix.

L: Amavis uses a Unix socket to pass the messages to the ClamAV antivirus for inspection. Infected messages will be stored away in the quarantine folders, so they won’t be delivered to their recipients.

M: The Spamassassin suite uses multiple auto-adjusting mechanisms to detect unwanted mail.

N: Fetchmail can periodically retrieve mail from external accounts and insert it in our system by talking to the MTA.

O: The Webmail service can be deployed to communicate with the MTA and MUA using a webapp.

I hope this has shed some light; the next post will reuse a lot of these concepts.

A post by Mateo Burillo

Dynamic DNS with Zentyal (Community approach)


DHCP and DNS infrastructure services work quite well together. So Zentyal, whose aim is to provide a tightly integrated product, had to make them work together.

Their cooperation is based on the DHCP server asking to add the DHCP clients to DNS zones. For instance, your client called foo asks for an IP address lease to connect to your local network. Once the lease is done, the DHCP server asks the DNS server to add the foo client with the given IP address to the configured dynamic DNS zone, for example, example.lan.

Therefore, if you ask for foo.example.lan then the leased IP address is returned, and reverse resolution also works as expected.

The above explanation was the simplest and easiest to understand for the Zentyal community, as these posts remind me. But I thought the right way to do it was for the hostname to be set by the sysadmin. That is, if your host is a dynamic one and it is not a server, then a dynamic name is set, such as dyn-192.168.0.1.example.lan. Furthermore, due to time constraints I was not able to finish a complete dynamic DNS + DHCP feature in the past, and reverse resolution was not implemented. That was odd for Zentyal users, although it is stated clearly in the documentation.

So we decided to fix these things when a slot of time was available, and I was able to finish the proper implementation with these shiny features:

  • Set the hostname based on DHCP client data when the client belongs to a DHCP range
  • Reverse resolution is working for DHCP client names
  • Mix static and dynamic defined DNS zones

The last feature is a very neat one. It allows you, as Zentyal administrator, to have a DHCP server assigning names and IP addresses dynamically, as the hosts’ requests and releases demand, while you as system administrator are still able to manage the zone and add different resource records to it, such as specific host names, aliases, name servers or mail exchangers.

In order to do that, I used the nsupdate tool to dynamically apply the manual settings to a dynamic zone, which allows us not to corrupt the journal file kept by the named daemon and to be as kind as possible to BIND.
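To illustrate what going through nsupdate looks like, the following Python code is an added example, not the Zentyal implementation: it turns administrator-defined records into nsupdate input for a dynamic zone, validates every name and address before it reaches the batch, and pairs each A record with its PTR. The server address, the TTL, the /24 reverse zone and the sample records are assumptions.

```python
import ipaddress
import re

# One DNS label per RFC 1123: letters, digits, inner hyphens, at most 63 chars.
LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")


def fqdn(name, zone):
    """Validate a name relative to the zone ("@" is the apex); return the FQDN."""
    if name == "@":
        return f"{zone}."
    if not all(LABEL.fullmatch(label) for label in name.split(".")):
        raise ValueError(f"invalid host name: {name!r}")
    return f"{name}.{zone}."


def nsupdate_batch(zone, reverse_zone, records, server="127.0.0.1", ttl=3600):
    """Build nsupdate input for (name, type, value) records: A, CNAME or MX."""
    forward, reverse = [], []
    for name, rtype, value in records:
        owner = fqdn(name, zone)
        if rtype == "A":
            addr = ipaddress.IPv4Address(value)  # rejects malformed addresses
            ptr = addr.reverse_pointer
            if not ptr.endswith("." + reverse_zone):
                raise ValueError(f"{addr} is outside {reverse_zone}")
            forward.append(f"update add {owner} {ttl} A {addr}")
            # Matching PTR so reverse resolution agrees with the forward record.
            reverse.append(f"update add {ptr}. {ttl} PTR {owner}")
        elif rtype == "CNAME":
            forward.append(f"update add {owner} {ttl} CNAME {fqdn(value, zone)}")
        elif rtype == "MX":
            pref, host = value
            forward.append(
                f"update add {owner} {ttl} MX {int(pref)} {fqdn(host, zone)}")
        else:
            raise ValueError(f"unsupported record type: {rtype!r}")
    lines = [f"server {server}", f"zone {zone}", *forward, "send"]
    if reverse:
        lines += [f"zone {reverse_zone}", *reverse, "send"]
    return "\n".join(lines) + "\n"


# Constructed records; the /24 reverse zone and local server are assumptions.
SAMPLE = [("www", "A", "192.168.0.10"), ("intranet", "CNAME", "www"),
          ("@", "MX", (10, "mail")), ("mail", "A", "192.168.0.20")]

if __name__ == "__main__":
    print(nsupdate_batch("example.lan", "0.168.192.in-addr.arpa", SAMPLE), end="")
```

The printed text is meant to be piped to nsupdate, normally authenticated with a TSIG key (`nsupdate -k keyfile`) so that only the administrator's key can change the zone.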

List of DNS domains

Dynamic and static DNS domains

To sum up, to make the most of this new feature you must first create a domain in the DNS section and then select it in the Dynamic DNS options of the DHCP section. Once this is done, save changes. Then, every new client request will update your DNS zones to give direct and reverse resolution for this name – IP address pair.

Dynamic DNS options in DHCP module

This feature is available in the 2.X package series of Zentyal server. Namely, ebox-dns 2.0.3 and ebox-dhcp 2.0.4 are the packages with this feature.

Listening to your community requirements usually makes your product better! :)

Best regards and thanks a million for your feedback on this great feature!

Edit: I have updated the post to include the definite version of the packages.

A post by Enrique Hernandez

Zentyal Disaster Recovery


Hi there people!

It’s been a long time since the last time I wrote in a blog (2 years and a half ago exactly). Somehow it always happens that you almost forget you had a blog to write stories or even something interesting. However, in Zentyal there was a proposal to spread the word both internally and externally about the stuff we do, and I was there to give a Zen Chat and I’m here again to talk about a brand new service we offer: the Disaster Recovery.

Have you ever found yourself in a situation where you have lost everything in your server because of a power outage or simply because the server hard disk collapsed? Or, even having configured the backup properly, you have lost hours or even days setting up everything again? Here comes Disaster Recovery to help you reduce your downtime. With this service, your data will be safely stored in a remote and redundant location with a pretty straightforward configuration.

Disaster Recovery backup configuration form

Disaster Recovery backup configuration

Available backup domains

Available data to back up

But the main advantage of this service is how easy it makes recovering your server from a disaster. Suppose you have lost your server hard disk but, thanks to $DEITY, you have found an empty one in your desk. At that moment, your recovery procedure is as simple as following these steps:

  1. Insert Zentyal Server ISO and enter Disaster Recovery mode
  2. Configure your new hard disk and minimal network settings
  3. Enter your user/password for Disaster Recovery service
  4. Select your server and date
  5. Have a cup of tea and watch how progress bars work for you

Restoring process progress bar

Restoring process

In order to make this feature work seamlessly in Zentyal, we had to work really hard on making the restoring process rock solid. This has required the total involvement of the Zentyal Development Team, since it covers almost the whole code base of Zentyal server. Not only making functional tests but also testing configuration automatically using our homemade tool, ANSTE. We have found rough edges in our data back-end, got into the guts of Perl IPC and discovered how UTF-8 is really beautiful, but poorly integrated in some applications.

It has been a very tough time, but we think this feature deserves it.

PS: You can try the configuration backup if your server has the free Basic Subscription. The full Disaster Recovery service is only available for servers with Professional or Enterprise Server Subscriptions.

A post by Enrique Hernandez

